From a03a2112257f9b3b1857250fc4e9bf6f4e0c36b6 Mon Sep 17 00:00:00 2001
From: Demi Marie Obenour
Date: Mon, 21 Oct 2024 21:17:18 -0400
Subject: [PATCH] Never use a restricted agent connection
Enumerating secret keys with "KEYINFO --list" does not work over a restricted connection. As a result, gpg prints "gpg: problem with fast path key listing: Forbidden - ignored", which Mutt interprets as a prompt the user must respond to. This causes the user to need to press enter twice to send a signed email. Sequoia Chameleon does not implement the fallback and is unable to list secret keys or decrypt messages. The filtering done by split-gpg2 is far stronger than what gpg-agent does, so there is no loss of security.
Fixes: QubesOS/qubes-issues#9483
---
 splitgpg2/__init__.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/splitgpg2/__init__.py b/splitgpg2/__init__.py
index 4c765be..1873d5d 100755
--- a/splitgpg2/__init__.py
+++ b/splitgpg2/__init__.py
@@ -454,10 +454,14 @@ async def connect_agent(self) -> None:
 dirs = subprocess.check_output( ['gpgconf', *self.homedir_opts(), '--list-dirs', '-o/dev/stdout'])
- if self.allow_keygen:
- socket_field = b'agent-socket:'
- else:
- socket_field = b'agent-extra-socket:'
+ # Do not use the restricted socket.
+ # Sequoia Chameleon is unable to list secret keys or decrypt messages,
+ # and gpg prints "gpg: problem with fast path key listing: Forbidden - ignored",
+ # which causes Mutt to require the user to press "Enter" again before sending
+ # a message.
+ # The filtering done by split-gpg2 is far stronger than anything the agent does
+ # internally.
+ socket_field = b'agent-socket:'
 # search for agent-socket:/run/user/1000/gnupg/S.gpg-agent
 agent_socket_path = [d.split(b':', 1)[1] for d in dirs.splitlines() if d.startswith(socket_field)][0]
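Review bot: With the `if self.allow_keygen:` branch removed, `socket_field = b'agent-socket:'` selects the unrestricted agent socket for every connection, so split-gpg2's own command filtering becomes the only control between the client and gpg-agent, and the added comment should record that consequence rather than only comparing strengths. I would append a line such as `# NOTE: the agent no longer restricts anything for us; every command must be vetted by split-gpg2 before it is forwarded.` The second comment line also reads as a general statement about Sequoia Chameleon; `# Over the restricted socket, Sequoia Chameleon cannot list secret keys or decrypt messages,` ties it to the socket being avoided. Whether `allow_keygen` is still enforced elsewhere in the filter is not visible here, since the body of `connect_agent` starts and ends outside the hunk, so that is worth confirming with a test that a connection with keygen disabled still has key-generation requests refused.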